Exam CAS-004 topic 1 question 552 discussion

Actual exam question from CompTIA's CAS-004
Question #: 552
Topic #: 1

A security team receives alerts regarding impossible travel and possible brute-force attacks after normal business hours. After reviewing more logs, the team determines that specific users were targeted and attempts were made to transfer data to an unknown site. Which of the following should the team do to help mitigate these issues?

  • A. Create a firewall rule to prevent those users from accessing sensitive data.
  • B. Restrict uploading activity to only authorized sites.
  • C. Enable packet captures to continue to run for the source and destination related to the file transfer.
  • D. Disable login activity for those users after business hours.
Suggested Answer: B

Comments

Steel16
1 week ago
Selected Answer: B
  • Impossible travel and brute-force attacks: These indicate a potential compromise of user accounts, allowing attackers to access systems from unusual locations and attempt to gain access with brute-force password attempts.
  • Data transfer to an unknown site: This further confirms malicious activity where the attacker is trying to exfiltrate sensitive data to an unauthorized location.
  • Direct mitigation: By restricting uploading activity to only authorized sites, the security team can prevent the attacker from transferring data to unknown locations, effectively stopping the data exfiltration attempt.
upvoted 1 times
...
Bright07
1 month, 3 weeks ago
Selected Answer: B
B. Restrict uploading activity to only authorized sites. This is a proactive and effective way to mitigate the risk of data exfiltration. By restricting uploading activities to trusted sites, you can prevent users from uploading data to unknown or malicious sites, effectively blocking the attempted data transfer.
upvoted 1 times
...
grelaman
5 months ago
From my perspective there is not a correct choice. It is reasonable to conclude that those users were compromised based on the indicators provided. Immediate Response: that should be taken:
  • Account Lockdown: Temporarily disable the affected user accounts to prevent further unauthorized access.
  • Password Reset: Force a password change for the compromised accounts and ensure that new passwords are strong and unique.
  • Multi-Factor Authentication (MFA): Implement or enforce MFA for all user accounts to add an additional layer of security beyond just passwords.
If the users were not compromised I would choose: B. Restrict uploading activity to only authorized sites. But again, the description "attempts were made to transfer data to an unknown site" shows that the users were compromised.
upvoted 1 times
...